revengerat | 97b25fb6b6b9c92ec259ff7e1e80c5cebdca22458e244c7185cddc9fc95e4530 | Triage

Sharing

General

Target

97b25fb6b6b9c92ec259ff7e1e80c5cebdca22458e244c7185cddc9fc95e4530
Size

16KB
Sample

220201-fmgssahabj
MD5

626794670ad6cf1d075f6b7dcc57019b
SHA1

f7653fcc5b0fdd0119e35ab7381aad5a4ff8b6fb
SHA256

97b25fb6b6b9c92ec259ff7e1e80c5cebdca22458e244c7185cddc9fc95e4530
SHA512

1767f181744fa163dd2c2403a23857f1e3bba0e14db2e730b9613e89ad98a82200ee18554aa2ea517f49407b1f3530cd5f12209058f26875c5946ae90cba1b40

Score

10^/10

revengerat mohaaaa persistence stealer

Malware Config

Extracted

Family

revengerat

Botnet

MOHAAAA

C2

patopapao.hopto.org:5540

Mutex

MOHAAAA#####@@@@@

Targets

- Target
  
  97b25fb6b6b9c92ec259ff7e1e80c5cebdca22458e244c7185cddc9fc95e4530
- Size
  
  16KB
- MD5
  
  626794670ad6cf1d075f6b7dcc57019b
- SHA1
  
  f7653fcc5b0fdd0119e35ab7381aad5a4ff8b6fb
- SHA256
  
  97b25fb6b6b9c92ec259ff7e1e80c5cebdca22458e244c7185cddc9fc95e4530
- SHA512
  
  1767f181744fa163dd2c2403a23857f1e3bba0e14db2e730b9613e89ad98a82200ee18554aa2ea517f49407b1f3530cd5f12209058f26875c5946ae90cba1b40
Score

8^/10

persistence
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealermohaaaarevengerat

behavioral1

behavioral2